The U.S. Department of Homeland Security and the FBI released a detailed warning Thursday about cyber intrusions in businesses and critical infrastructure providers, like power companies. The alert shows an elaborate web of attempts by Russia to penetrate and map vulnerabilities for two years.
Russia was blamed in the December 2015 and 2016 attacks on Ukraine’s power system that resulted in a power outage that affected nearly a quarter million people.
The alert by the U.S. Computer Emergency Readiness Team said both energy production and its less secure vendors were targeted. Credentials were stolen, accounts were set up on email servers and within networks. Workstations with data from energy control systems were accessed.
Reports of Russian reconnaissance of the nation’s power grid, nuclear, aviation, construction and other critical infrastructure was first published in September by cyber security company Symantec. Neither Symantec nor DHS gave a scope of the intrusions.
Russian actors used “watering hole” domains as a major reconnaissance technique against trusted vendors of their chief targets. A watering hole attack is when a website that attracts employees or their vendors is altered with malicious code.
According to the alert, half of the watering hole domains identified were trade publications and websites about industrial control systems used in energy generation and other industrial systems.
The DHS and FBI recommended detection and prevention measures, including searching for specific IP addresses and domains.
Paul Flahive can be reached at Paul@tpr.org or follow on Twitter @paulflahive
